Rights Object Authentication in Anchor Point-Based Digital Rights Management

1. A method comprising: authenticating a rights object using a secure anchor point device, the secure anchor point comprising a secure, unique, hard-to-falsify circuit, the rights object being provided by a content provider and defining one or more rights to use an encrypted digital property instance, the authenticating including: generating in the secure anchor point device a signature based on a signing key; transmitting the signature from the secure anchor point device to the content provider; receiving in the secure anchor point device a signed rights object from a digital rights management module, the signed rights object including the rights object and the signature, responsive to transmitting the signature to the content provider; and receiving a title pre-key when use of the encrypted digital property is in accordance with the one or more rights defined in the signed rights object; verifying the signed rights object in the secure anchor point device using the signing key.

2. The method of claim 1 further comprising: receiving in the secure anchor point device from the digital rights management module a title pre-key associated with the signed rights object and the encrypted digital property instance; generating in the secure anchor point device a title key based on the received title pre-key, the title key being usable to decrypt the encrypted digital property instance, if the verifying operation authenticates the signed rights object.

3. The method of claim 1 wherein the receiving operation comprises receiving in the secure anchor point device a combination of the signed rights object and a title pre-key from the digital rights management module, and further comprising: generating based on the title pre-key a title key usable to decrypt the encrypted digital property instance in the secure anchor point device, if the verifying operation authenticates the signed rights object.

4. The method of claim 1 further comprising: securely storing the signing key in the secure anchor point device.

5. The method of claim 1 further comprising: securely storing the signing key in the secure anchor point device in association with a binding record corresponding to the encrypted digital property instance, the binding record containing a binding key that decrypts a title pre-key received from the digital rights management module to generate a title key usable to decrypt the encrypted digital property instance.

6. The method of claim 1 further comprising: receiving in the secure anchor point device the signed rights object and a modified rights object; verifying in the secure anchor point device the signed rights object using the signing key; generating in the secure anchor point device a new signature based on a new signing key and the modified rights object; transmitting the new signature from the secure anchor point device to the content provider.

7. The method of claim 6 further comprising: securely storing the signing key in the secure anchor point device, prior to receiving the signed rights object and a modified rights object; replacing the signing key in the secure anchor point device with the new signing key used to generate the new signature.

8. The method of claim 6 further comprising: securely storing the signing key in the secure anchor point device in association with a binding record corresponding to the encrypted digital property instance, the binding record containing a binding key that decrypts a title pre-key received from the digital rights management module to generate a title key usable to decrypt the encrypted digital property instance; replacing the signing key in the binding record of the secure anchor point device with the new signing key used to generate the new signature.

9. A computer-readable storage device storing instructions, that when executed by a processor cause the processor to perform a method comprising: authenticating a rights object using a secure anchor point device, the secure anchor point comprising a secure, unique, hard-to-falsify circuit, the rights object being provided by a content provider and defining one or more rights to use an encrypted digital property instance, the authenticating including: generating in the secure anchor point device a signature based on a signing; transmitting the signature from the secure anchor point device to the content provider; receiving in the secure anchor point device a signed rights object from a digital rights management module, the signed rights object including the rights object and the signature, responsive to transmitting the signature to the content provider; and receiving a title pre-key when use of the encrypted digital property is in accordance with the one or more rights defined in the signed rights object; verifying the signed rights object in the secure anchor point device using the signing key.

10. The computer-readable storage device of claim 9 wherein the method further comprises: receiving in the secure anchor point device from the digital rights management module a title pre-key associated with the signed rights object and the encrypted digital property instance; generating in the secure anchor point device a title key based on the received title pre-key, the title key being usable to decrypt the encrypted digital property instance, if the verifying operation authenticates the signed rights object.

11. The computer-readable storage device of claim 9 wherein the receiving operation comprises receiving in the secure anchor point device a combination of the signed rights object and a title pre-key from the digital rights management module, and further comprising: generating based on the title pre-key a title key usable to decrypt the encrypted digital property instance in the secure anchor point device, if the verifying operation authenticates the signed rights object.

12. The computer-readable storage device of claim 9 wherein the method further comprises: securely storing the signing key in the secure anchor point device.

13. The computer-readable storage device of claim 9 wherein the method further comprises: securely storing the signing key in the secure anchor point device in association with a binding record corresponding to the encrypted digital property instance, the binding record containing a binding key that decrypts a title pre-key received from the digital rights management module to generate a title key usable to decrypt the encrypted digital property instance.

14. The computer-readable storage device of claim 9 wherein the method further comprises: receiving in the secure anchor point device the signed rights object and a modified rights object; verifying in the secure anchor point device the signed rights object using the signing key; generating in the secure anchor point device a new signature based on a new signing key and the modified rights object; transmitting the new signature from the secure anchor point device to the content provider.

15. The computer-readable storage device of claim 9 wherein the method further comprises: securely storing the signing key in the secure anchor point device, prior to receiving the signed rights object and a modified rights object; replacing the signing key in the secure anchor point device with the new signing key used to generate the new signature.

16. The computer-readable storage device of claim 13 wherein the method further comprises: replacing the signing key in the binding record of the secure anchor point device with the new signing key used to generate the new signature.

17. An apparatus comprising: a secure anchor point device in a digital rights management system, the secure anchor point device including: an unique and hard-to-falsify circuit; a signing module that generates a signature based on a signing key in response to receiving a rights object from a content provider, the rights object defining one or more rights for using an encrypted digital property instance, wherein the signature is transmitted from the secure anchor point device to the content provider; an authentication module that receives a signed rights object from a digital rights management module, the signed rights object including the rights object and the signature, receives a title pre-key when use of the encrypted digital property is in accordance with the one or more rights defined in the signed rights object, and verifies the signed rights object using the signing key.

18. The apparatus of claim 17 further comprising: data storage coupled to the signing module and the authentication module that securely stores the signing key, wherein the authentication module receives the signed rights object and a modified rights object and verifies the signed rights object using the signing key and the signing module generates a new signature based on a new signing key and the modified rights object, the data storage replacing the securely stored signing key with the new signing key.